﻿<?php
include("../includes/db_connect.php");
include("../includes/safefunctions.php");
	
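// Handles the "create education" form. On a POST with "submit" set it creates the
// class row, its student and teacher user groups, a page for the class and the
// default page rights; otherwise it prints the empty form. The status message is
// wrapped in <div id="result"> so the client script can lift it out of the response.
//
// NOTE(review): no login/role check and no CSRF token check is visible in this
// file. Confirm the includes enforce both before this script writes to the database.
if (isset($_POST["submit"])) {
	echo "<div id=\"result\">";

	// Read a POST field as a string; a missing or array-valued field becomes "".
	$postString = function ($key) {
		return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
	};

	// safety() comes from safefunctions.php (not shown). Its output is kept as the
	// value to store, but it is no longer relied on for SQL quoting: every value
	// below reaches the server as a bound parameter.
	// NOTE(review): if safety() also SQL-escapes, drop that step there, otherwise
	// values containing quotes will be stored with the added backslashes.
	$name = safety($postString("name"));
	$year = safety($postString("year"));
	$start = safety($postString("start"));
	$end = safety($postString("end"));

	$classFailed = "Kunde inte lägga in en ny klass";
	$studentRightsFailed = "Kunde inte skapa rättigheter för student";
	$teacherRightsFailed = "Kunde inte skapa rättigheter för lärare";

	// Prepare $sql, bind every parameter as a string (the original statements
	// quoted every value as a string literal) and execute it.
	// Returns the executed statement, or false on any failure.
	$runStatement = function ($sql, array $params) use ($db) {
		$stmt = $db->prepare($sql);
		if ($stmt === false) {
			return false;
		}
		if (count($params) > 0) {
			// bind_param() takes its values by reference.
			$bindArgs = array(str_repeat("s", count($params)));
			foreach (array_keys($params) as $key) {
				$bindArgs[] = &$params[$key];
			}
			if (!call_user_func_array(array($stmt, "bind_param"), $bindArgs)) {
				$stmt->close();
				return false;
			}
		}
		if (!$stmt->execute()) {
			$stmt->close();
			return false;
		}
		return $stmt;
	};

	// Run a write statement; true on success, false on failure.
	$execute = function ($sql, array $params) use ($runStatement) {
		$stmt = $runStatement($sql, $params);
		if ($stmt === false) {
			return false;
		}
		$stmt->close();
		return true;
	};

	// Run a single-column SELECT and return the first row's value,
	// null when there is no row, false on failure.
	$firstColumn = function ($sql, array $params) use ($runStatement) {
		$stmt = $runStatement($sql, $params);
		if ($stmt === false) {
			return false;
		}
		$value = null;
		$stmt->bind_result($value);
		$fetched = $stmt->fetch();
		$stmt->close();
		if ($fetched === false) {
			return false;
		}
		return ($fetched === null) ? null : $value;
	};

	// Performs every write in order and stops at the first failure.
	// Returns null on success, otherwise the message to show.
	$createEducation = function () use (
		$execute, $firstColumn, $name, $year, $start, $end,
		$classFailed, $studentRightsFailed, $teacherRightsFailed
	) {
		// NOTE(review): check-then-insert can still race between two requests;
		// a unique index on (name, year) would close that gap.
		$existing = $firstColumn("SELECT name FROM class WHERE name=? AND year=? LIMIT 1", array($name, $year));
		if ($existing === false) {
			return $classFailed;
		}
		if ($existing !== null) {
			return "Klassen finns redan";
		}

		if (!$execute("INSERT INTO class (name, year, start, end) VALUES (?, ?, ?, ?)", array($name, $year, $start, $end))) {
			return $classFailed;
		}

		$studentName = $name . "_student_" . $year;
		$teacherName = $name . "_teacher_" . $year;
		foreach (array($studentName, $teacherName) as $groupName) {
			if (!$execute("INSERT INTO user_groups (name) VALUES (?)", array($groupName))) {
				return $classFailed;
			}
		}

		// The ids are looked up by name, as before; a failed or empty lookup now
		// aborts instead of inserting rights with an empty group id.
		$studentId = $firstColumn("SELECT id FROM user_groups WHERE name=? LIMIT 1", array($studentName));
		$teacherId = $firstColumn("SELECT id FROM user_groups WHERE name=? LIMIT 1", array($teacherName));
		if ($studentId === false || $studentId === null || $teacherId === false || $teacherId === null) {
			return $classFailed;
		}

		$grantSql = "INSERT INTO group_rights (groupId, pageId, rights) VALUES (?, ?, ?)";

		for ($pageNo = 1; $pageNo <= 10; $pageNo++) {
			$targetPage = (string) $pageNo;
			$teacherRights = "4";

			if ($pageNo === 3) {
				// Slot 3 is not granted directly: a page named "<name> - <year>" is
				// created under parentId 3 and the rights go to that page, with
				// rights value 6 for the teacher group.
				$pageName = "$name - $year";
				if (!$execute("INSERT INTO pages (name, tagName, parentId, hidden, script, text, file, allowScript, isLink) VALUES (?, ?, '3', '', '', '', NULL, '0', '0')", array($pageName, $pageName))) {
					return $classFailed;
				}
				$pageId = $firstColumn("SELECT id FROM pages WHERE name=?", array($pageName));
				if ($pageId === false || $pageId === null) {
					return $classFailed;
				}
				$targetPage = $pageId;
				$teacherRights = "6";
			}

			if (!$execute($grantSql, array($studentId, $targetPage, "4"))) {
				return $studentRightsFailed;
			}
			if (!$execute($grantSql, array($teacherId, $targetPage, $teacherRights))) {
				return $teacherRightsFailed;
			}
		}

		// Pages granted to the teacher group only.
		foreach (array("15", "38", "43", "39") as $teacherOnlyPage) {
			if (!$execute($grantSql, array($teacherId, $teacherOnlyPage, "4"))) {
				return $teacherRightsFailed;
			}
		}

		return null;
	};

	// Run all writes as one transaction so a failure half-way does not leave a
	// class without its groups or rights (effective on transactional tables only).
	$db->autocommit(false);
	try {
		$failure = $createEducation();
		if ($failure === null && !$db->commit()) {
			$failure = $classFailed;
		}
	} catch (Exception $e) {
		// mysqli may be configured to throw; keep database details out of the response.
		$failure = $classFailed;
	}
	if ($failure !== null) {
		$db->rollback();
	}
	$db->autocommit(true);

	echo ($failure === null) ? "Ny utbildning har skapats." : $failure;

	echo "</div>";
}else{
	echo "<div id=\"result\"></div>";
	echo "<form class=\"formEducation\" action=\"\" method=\"POST\">
	<table><tr><td>
	NAMN:
	</td><td><input type=\"text\" name=\"name\" maxlength=\"50\">
	</td></tr><tr><td>ÅR:
	</td><td><input type=\"text\" name=\"year\" maxlength=\"4\">
	</td></tr><tr><td>START:
	</td><td><input type=\"date\" name=\"start\" maxlength=\"10\">
	</td></tr><tr><td>SLUT:
	</td><td><input type=\"date\" name=\"end\" maxlength=\"10\">
	</td></tr><tr><td><input type=\"submit\"name=\"submit\" value=\"Hämta\">
	</td></tr></table>
	</form>";
}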
?>

<script src="script/jquery-1.11.1.min.js"></script>
<script src="script/ajaxlinks.js"></script>
<script>
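// Client-side page state: the page name handed to getPage() on submit.
var _SESSION = {};
_SESSION["currentPage"] = "createEducation.php";

// Submit the form through getPage() and show the server's status message in #result.
$('form.formEducation').submit(function (e) {
	e.preventDefault();

	// Use the submitted form itself rather than document.forms[0], and go through
	// .elements so a field called "name" cannot be confused with the form's own
	// name property.
	var form = this;
	var fieldNames = ["name", "year", "start", "end"];
	var body = "submit=get";
	for (var i = 0; i < fieldNames.length; i++) {
		// Encode each value so "&", "=", "+" or "%" typed by the user cannot add or
		// alter request parameters.
		// NOTE(review): assumes getPage() (ajaxlinks.js, not shown) sends this
		// string unchanged as the urlencoded request body. Confirm.
		body += "&" + fieldNames[i] + "=" + encodeURIComponent(form.elements[fieldNames[i]].value);
	}

	var page = getPage(_SESSION["currentPage"], "POST", body);

	// Parse the response in a separate, inert document and copy only the text of
	// its #result element; the status messages the page prints are plain text.
	var responseDoc = document.implementation.createHTMLDocument("");
	responseDoc.body.innerHTML = page;
	var responseResult = responseDoc.querySelector("[id=result]");
	var target = document.getElementById("result");
	if (responseResult && target) {
		target.textContent = responseResult.textContent;
	}

	return false;
});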
</script>